Some cynics say no good deed goes unpunished – and that appears to be what is happening in cyberspace, with high-growth enterprises more likely to be targeted by threat actors, according to a recent study.
Hyper-growth companies – defined as businesses enjoying more than 40% annual increase in revenues – are increasingly singled out by cybercriminals hungry for an illicit slice of their fat profits, infosec firm Beyond Identity said in a blog.
“Employees from hyper-growth companies reported more cyberattacks than standard growth companies,” said Beyond Identity. “Over a third of respondents said their company had experienced three to five previous attacks. Slightly more than a quarter reported one to two.”
But standard-growth businesses experienced fewer attacks, with just a quarter reporting three to five breaches, according to Beyond Identity’s survey of more than a thousand workers at entry-level to established firms.
The findings come despite hyper-growth companies declaring a “more aggressive stance” on cybersecurity than regular ones – nearly two-thirds as opposed to just over half.
Pointing to the COVID pandemic, which facilitated a rise in phishing attacks exploiting healthcare concerns in 2020, the survey added: “Hyper-growth companies, many of which operate in the health and technology sectors, were particularly hard hit. For example, Magellan Health, a Fortune 500 insurer, experienced a cyber attack that exposed 1.7 million internal and external customer accounts.”
“With rapid expansion comes more employee data to protect,” added the survey, suggesting this presents threat actors with a larger attack surface to exploit.
However, there is also some evidence that hyper-growth firms are in some ways better insulated from the fallout of a cyber attack. While standard-growth firms estimated losses at between $34,000 and $119,000, for their fast-track counterparts this range was much lower – no more than $25,000.
The survey did not provide adequate explanation for why this was the case.
Room for improvement
Beyond Identity believes that core areas of interest for fast-growing enterprises – such as revenue increase, marketing strategy and financial stability – could “distract focus from cybersecurity concerns.”
This assertion is borne out by its report, which found that rapidly growing firms were slightly behind their less fortunate counterparts when it came to backing up vital data, educating staff about cybersecurity, and protecting computer hardware.
However, “two areas where hyper-growth companies had a 20-plus point lead [over regular firms] were in creating a security-focused culture and investing in cybersecurity insurance,” said Beyond Identity.
Perhaps most shockingly, half of all firms surveyed – high and normal growth – admitted they did not restrict network access on their in-house systems.
“Whether they know it or not, employees often expose confidential data to outside sources by using their personal email address for company business, and not taking adequate precautions to protect passwords,” said Beyond Identity.
More from Cybernews:
Subscribe to our newsletter